<?php

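/**
 * Receives a single file upload (form field "Filedata", as posted by SWFUpload)
 * and stores it in the configured upload directory under a content-derived name.
 *
 * Security notes for maintainers:
 *  - NOTE(review): no authentication or authorisation check is visible in this
 *    class; confirm that Core_Controller_Action (or a plugin) enforces it before
 *    uploadAction() runs, otherwise any client can write files to the upload dir.
 *  - The save path is built from getcwd(), so the upload directory is presumably
 *    inside the web root. The whitelist below admits browser-active types
 *    ('html', 'xhtml', 'svg', 'xml'); if stored files are served from the
 *    application's own origin they can run script in that origin. Serve uploads
 *    as attachments or from a separate origin, and disable script execution in
 *    the upload directory at the web-server level.
 *  - File contents are not inspected; extension and client MIME type are not
 *    proof of what a file contains.
 */
class UploaderController extends Core_Controller_Action
{
	/**
	 * Placeholder action: disables layout and view rendering and emits nothing.
	 */
	public function indexAction() {
		$this->_helper->layout->disableLayout();
		$this->_helper->viewRenderer->setNoRender();
	}

	/**
	 * Validates and stores one uploaded file, then echoes the stored file name.
	 *
	 * On any validation failure a plain-text message is echoed through
	 * HandleError() and the script exits. On success the response body is
	 * "<md5 of file contents>.<client extension>".
	 */
	public function uploadAction() {
		$this->_helper->layout->disableLayout();
		$this->_helper->viewRenderer->setNoRender();

		// SWFUpload (Flash) does not forward browser cookies, so the session id is
		// accepted from the request. This is a session-fixation-prone pattern: the
		// id is attacker-choosable and, when sent via GET, ends up in access logs
		// and Referer headers. Prefer a short-lived, single-use upload token bound
		// to the authenticated user. Until then, at least reject values that are
		// not a syntactically valid session id (arrays, control characters, ...).
		$session_id = null;
		if (isset($_POST["PHPSESSID"])) {
			$session_id = $_POST["PHPSESSID"];
		} else if (isset($_GET["PHPSESSID"])) {
			$session_id = $_GET["PHPSESSID"];
		}
		if ($session_id !== null) {
			if (!is_string($session_id) || !preg_match('/\A[A-Za-z0-9,-]{1,128}\z/', $session_id)) {
				$this->HandleError("Invalid session id");
				exit(0);
			}
			session_id($session_id);
		}

	// Check post_max_size (http://us3.php.net/manual/en/features.file-upload.php#73762)
		$POST_MAX_SIZE = ini_get('post_max_size');
		$unit = strtoupper(substr($POST_MAX_SIZE, -1));
		$multiplier = ($unit == 'M' ? 1048576 : ($unit == 'K' ? 1024 : ($unit == 'G' ? 1073741824 : 1)));
		// CONTENT_LENGTH is absent on some requests; treat that as zero instead of raising a notice.
		$content_length = isset($_SERVER['CONTENT_LENGTH']) ? (int)$_SERVER['CONTENT_LENGTH'] : 0;

		if ($content_length > $multiplier*(int)$POST_MAX_SIZE && $POST_MAX_SIZE) {
			header("HTTP/1.1 500 Internal Server Error"); // This will trigger an uploadError event in SWFUpload
			echo "POST exceeded maximum allowed size.";
			exit(0);
		}

	// Settings
		$save_path = getcwd() . $this->config['dirs']['upload'];				// The path where we will save the file (getcwd() may not be reliable and should be tested in your environment)
		$upload_name = "Filedata";
		$max_file_size_in_bytes = 2147483647;				// 2GB in bytes

		// Allowed extensions, lower case and without a leading dot (pathinfo() never
		// returns one, so the former '.tex' entry could not match; it is now 'tex').
		// NOTE(review): 'html', 'xhtml', 'svg' and 'xml' are browser-active content;
		// keep them only if uploads are never rendered inline from this origin.
		$extension_whitelist = array('7z','ace','arj','bzip2','daa','cab','dmg','gzip','jar','lbr','lqr','lha','bin','rar',
		'iso','nrg','mdx','cad','dwg','drw','dxf','accdb','odb','dtp','indd','mcf','pmd','pub','fm','abw',
		'acl','afp','ans','asc','csv','cwk','doc','docx','dot','dotx','egt','mcw','odm','odt','ott','pages',
		'pap','pdax','pdf','rtf','sdw','stw','sxw','tex','txt','uof','wpd','wps','wpt','wrd','wrf','wri',
		'bmp','exif','gif','icns','ico','jng','jpeg','jpg','jp2','mng','pdn','pgm','pict','pct','png','psp',
		'px','raw','tga','tiff','xcf','awg','ai','eps','cgm','cdr','cmx','dxf','svg','3dmf','3ds','ac','blend',
		'max','ma','pdf','pcl','ps','snp','odp','otp','pot','pps','ppt','pptx','sdd','shw','sti','sxi','wma',
		'wav','mp2','mp3','mp4','m4a','raw','ra','ods','ots','aag','3gp','asf','avi','m1v','m2v','mpeg','mpg',
		'mov','wmv','flv','html','xhtml','sen','sit','sitx','tar','tgz','gz','z','zip','xml','png');

		$valid_chars_regex = '.A-Z0-9_ !@#$%^&()+={}\[\]\',~`-';				// Characters allowed in the file name (in a Regular Expression format)
		Core_Logs::log( 'keyenew', 'log', '$save_path: ' . $save_path );
	// Other variables
		$MAX_FILENAME_LENGTH = 260;
		$file_name = "";
		$file_extension = "";
		$uploadErrors = array(
	        0=>"There is no error, the file uploaded with success",
	        1=>"The uploaded file exceeds the upload_max_filesize directive in php.ini",
	        2=>"The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form",
	        3=>"The uploaded file was only partially uploaded",
	        4=>"No file was uploaded",
	        6=>"Missing a temporary folder",
	        7=>"Failed to write file to disk",
	        8=>"A PHP extension stopped the file upload"
		);

	// Validate the upload
		if (!isset($_FILES[$upload_name])) {
			$this->HandleError("No upload found in \$_FILES for " . $upload_name);
			exit(0);
		} else if (isset($_FILES[$upload_name]["error"]) && $_FILES[$upload_name]["error"] != 0) {
			// Codes outside the table (or an array-shaped "Filedata[]" upload) get a
			// generic message instead of an undefined-index lookup.
			$error_code = $_FILES[$upload_name]["error"];
			$this->HandleError(is_int($error_code) && isset($uploadErrors[$error_code]) ? $uploadErrors[$error_code] : "Unknown upload error");
			exit(0);
		} else if (!isset($_FILES[$upload_name]["tmp_name"]) || !is_string($_FILES[$upload_name]["tmp_name"]) || !@is_uploaded_file($_FILES[$upload_name]["tmp_name"])) {
			$this->HandleError("Upload failed is_uploaded_file test.");
			exit(0);
		} else if (!isset($_FILES[$upload_name]['name']) || !is_string($_FILES[$upload_name]['name'])) {
			$this->HandleError("File has no name.");
			exit(0);
		}

		$tmp_name = $_FILES[$upload_name]["tmp_name"];
		$client_name = $_FILES[$upload_name]['name'];

	// Validate the file size (Warning: the largest files supported by this code is 2GB)
		$file_size = @filesize($tmp_name);
		// Empty or unreadable files are reported with the lower-bound message; the
		// original order made that branch unreachable.
		if ($file_size === false || $file_size <= 0) {
			$this->HandleError("File size outside allowed lower bound");
			exit(0);
		}
		if ($file_size > $max_file_size_in_bytes) {
			$this->HandleError("File exceeds the maximum allowed size");
			exit(0);
		}

	// Validate file name (for our purposes we'll just remove invalid characters)
		$file_name = preg_replace('/[^'.$valid_chars_regex.']|\.+$/i', "", basename($client_name));
		if (strlen($file_name) == 0 || strlen($file_name) > $MAX_FILENAME_LENGTH) {
			$this->HandleError("Invalid file name");
			exit(0);
		}

	// Validate that we won't over-write an existing file
		// NOTE(review): this tests the sanitised client name, but the file is stored
		// under a content hash (see below), so it does not protect the real
		// destination. It is kept to preserve the existing responses.
		if (file_exists($save_path . $file_name)) {
			$this->HandleError("File with this name already exists");
			exit(0);
		}

	// Validate file extension
		$path_info = pathinfo($client_name);
		// A name without a dot has no "extension" key; treat it as empty so it is rejected cleanly.
		$file_extension = isset($path_info["extension"]) ? $path_info["extension"] : "";
		// Case-insensitive match against the lower-case whitelist. Because only an
		// exact whitelist entry passes, $file_extension is safe to use in the path.
		if (!in_array(strtolower($file_extension), $extension_whitelist, true)) {
			$this->HandleError("Invalid file extension");
			exit(0);
		}

	// Validate file contents (extension and mime-type can't be trusted)
		/*
			Validating the file contents is OS and web server configuration dependent.  Also, it may not be reliable.
			See the comments on this page: http://us2.php.net/fileinfo

			Also see http://72.14.253.104/search?q=cache:3YGZfcnKDrYJ:www.scanit.be/uploads/php-file-upload.pdf+php+file+command&hl=en&ct=clnk&cd=8&gl=us&client=firefox-a
			 which describes how a PHP script can be embedded within a GIF image file.

			Therefore, no sample code will be provided here.  Research the issue, decide how much security is
			 needed, and implement a solution that meets the needs.
		*/

	// Process the file
		/*
			The stored name is the MD5 of the file contents plus the validated extension.
			md5_file() streams the file; the previous code loaded the whole upload
			(up to 2GB) into memory with file_get_contents() just to hash it.

			MD5 is used here only as a naming scheme. It is not collision resistant, and
			move_uploaded_file() overwrites an existing destination, so two different
			files with the same digest would replace one another. Consider SHA-256 if
			stored names can be changed.
		*/
		$content_hash = md5_file($tmp_name);
		if ($content_hash === false) {
			$this->HandleError("File could not be saved.");
			exit(0);
		}
		$stored_name = $content_hash . '.' . $file_extension;
		$destination = $save_path . $stored_name;

		if (!@move_uploaded_file($tmp_name, $destination)) {
			$this->HandleError("File could not be saved.");
			exit(0);
		} else {
			// Owner read/write, others read-only. The previous 0777 made every upload
			// world-writable and executable, which user-supplied content never needs.
			chmod($destination, 0644);
			echo $stored_name;
		}

		exit(0);

	}

	/**
	 * Writes an error message to the response body.
	 *
	 * Callers in this class pass fixed strings only; do not pass request data
	 * here without escaping, since the message is echoed verbatim.
	 *
	 * @param string $message Text to send to the client.
	 */
	public function HandleError($message) {
		echo $message;
	}
}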